Accueil Explorer Aide
Connexion
tum
/
soc
Suivre 1
Voter 0
Fork 0
Code Tickets 0 Pull Requests 0 Commits 22 Publications 0 Wiki

Aucune description

Aborescence: 922e61ec37
Branches Tags
soc
/
iris-web
/
source
/
app
/
blueprints
/
pages
/
case
/
case_timelin...

case_timeline_routes.py 6.4KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148 
  1. #  IRIS Source Code
    2. 

  2. #  Copyright (C) 2021 - Airbus CyberSecurity (SAS) - DFIR-IRIS Team
    3. 

  3. #  ir@cyberactionlab.net - contact@dfir-iris.org
    4. 

  4. #
    5. 

  5. #  This program is free software; you can redistribute it and/or
    6. 

  6. #  modify it under the terms of the GNU Lesser General Public
    7. 

  7. #  License as published by the Free Software Foundation; either
    8. 

  8. #  version 3 of the License, or (at your option) any later version.
    9. 

  9. #
    10. 

  10. #  This program is distributed in the hope that it will be useful,
    11. 

  11. #  but WITHOUT ANY WARRANTY; without even the implied warranty of
    12. 

  12. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    13. 

  13. #  Lesser General Public License for more details.
    14. 

  14. #
    15. 

  15. #  You should have received a copy of the GNU Lesser General Public License
    16. 

  16. #  along with this program; if not, write to the Free Software Foundation,
    17. 

  17. #  Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
    18. 

  18. 

  19. from flask import Blueprint
    20. 

  20. from flask import redirect
    21. 

  21. from flask import render_template
    22. 

  22. from flask import url_for
    23. 

  23. from flask_wtf import FlaskForm
    24. 

  24. 

  25. from app.datamgmt.case.case_events_db import get_case_assets_for_tm
    26. 

  26. from app.datamgmt.case.case_events_db import get_case_event
    27. 

  27. from app.datamgmt.case.case_events_db import get_case_events_comments_count
    28. 

  28. from app.datamgmt.case.case_events_db import get_case_iocs_for_tm
    29. 

  29. from app.datamgmt.case.case_events_db import get_default_cat
    30. 

  30. from app.datamgmt.case.case_events_db import get_event_assets_ids
    31. 

  31. from app.datamgmt.case.case_events_db import get_event_iocs_ids
    32. 

  32. from app.datamgmt.case.case_events_db import get_events_categories
    33. 

  33. from app.datamgmt.manage.manage_attribute_db import get_default_custom_attributes
    34. 

  34. from app.forms import CaseEventForm
    35. 

  35. from app.models.authorization import CaseAccessLevel
    36. 

  36. from app.models.authorization import User
    37. 

  37. from app.models.cases import Cases
    38. 

  38. from app.models.cases import CasesEvent
    39. 

  39. from app.blueprints.access_controls import ac_case_requires
    40. 

  40. from app.blueprints.responses import response_error
    41. 

  41. 

  42. _EVENT_TAGS = ['Network', 'Server', 'ActiveDirectory', 'Computer', 'Malware', 'User Interaction']
    43. 

  43. 

  44. case_timeline_blueprint = Blueprint('case_timeline',
    45. 

  45.                                     __name__,
    46. 

  46.                                     template_folder='templates')
    47. 

  47. 

  48. 

  49. @case_timeline_blueprint.route('/case/timeline', methods=['GET'])
    50. 

  50. @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
    51. 

  51. def case_timeline(caseid, url_redir):
    52. 

  52.     if url_redir:
    53. 

  53.         return redirect(url_for('case_timeline.case_timeline', cid=caseid, redirect=True))
    54. 

  54. 

  55.     case = Cases.query.filter(Cases.case_id == caseid).first()
    56. 

  56.     form = FlaskForm()
    57. 

  57. 

  58.     return render_template("case_timeline.html", case=case, form=form)
    59. 

  59. 

  60. 

  61. @case_timeline_blueprint.route('/case/timeline/visualize', methods=['GET'])
    62. 

  62. @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
    63. 

  63. def case_getgraph_page(caseid, url_redir):
    64. 

  64.     if url_redir:
    65. 

  65.         return redirect(url_for('case_timeline.case_getgraph_page', cid=caseid, redirect=True))
    66. 

  66. 

  67.     return render_template("case_graph_timeline.html")
    68. 

  68. 

  69. 

  70. @case_timeline_blueprint.route('/case/timeline/events/<int:cur_id>/comments/modal', methods=['GET'])
    71. 

  71. @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
    72. 

  72. def case_comment_modal(cur_id, caseid, url_redir):
    73. 

  73.     if url_redir:
    74. 

  74.         return redirect(url_for('case_timeline.case_timeline', cid=caseid, redirect=True))
    75. 

  75. 

  76.     event = get_case_event(cur_id, caseid=caseid)
    77. 

  77.     if not event:
    78. 

  78.         return response_error('Invalid event ID')
    79. 

  79. 

  80.     return render_template("modal_conversation.html", element_id=cur_id, element_type='timeline/events',
    81. 

  81.                            title=event.event_title)
    82. 

  82. 

  83. 

  84. @case_timeline_blueprint.route('/case/timeline/events/<int:cur_id>/modal', methods=['GET'])
    85. 

  85. @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
    86. 

  86. def event_view_modal(cur_id, caseid, url_redir):
    87. 

  87.     if url_redir:
    88. 

  88.         return redirect(url_for('case_timeline.case_timeline', cid=caseid, redirect=True))
    89. 

  89. 

  90.     event = get_case_event(cur_id, caseid)
    91. 

  91.     if not event:
    92. 

  92.         return response_error("Invalid event ID for this case")
    93. 

  93. 

  94.     form = CaseEventForm()
    95. 

  95.     form.event_title.render_kw = {'value': event.event_title}
    96. 

  96.     form.event_content.data = event.event_content
    97. 

  97.     form.event_raw.data = event.event_raw
    98. 

  98.     form.event_source.render_kw = {'value': event.event_source}
    99. 

  99.     form.event_in_graph.data = event.event_in_graph
    100. 

  100.     form.event_in_summary.data = event.event_in_summary
    101. 

  101. 

  102.     categories = get_events_categories()
    103. 

  103.     form.event_category_id.choices = [(c.id, c.name) for c in categories]
    104. 

  104. 

  105.     assets = get_case_assets_for_tm(caseid)
    106. 

  106.     iocs = get_case_iocs_for_tm(caseid)
    107. 

  107. 

  108.     assets_prefill = get_event_assets_ids(cur_id, caseid)
    109. 

  109.     iocs_prefill = get_event_iocs_ids(cur_id, caseid)
    110. 

  110.     comments_map = get_case_events_comments_count([cur_id])
    111. 

  111. 

  112.     usr_name, = User.query.filter(User.id == event.user_id).with_entities(User.name).first()
    113. 

  113. 

  114.     return render_template("modal_add_case_event.html", form=form, event=event, user_name=usr_name, tags=_EVENT_TAGS,
    115. 

  115.                            assets=assets, iocs=iocs, comments_map=comments_map,
    116. 

  116.                            assets_prefill=assets_prefill, iocs_prefill=iocs_prefill,
    117. 

  117.                            category=event.category, attributes=event.custom_attributes)
    118. 

  118. 

  119. 

  120. @case_timeline_blueprint.route('/case/timeline/filter-help/modal', methods=['GET'])
    121. 

  121. @ac_case_requires(CaseAccessLevel.read_only, CaseAccessLevel.full_access)
    122. 

  122. def case_filter_help_modal(caseid, url_redir):
    123. 

  123.     if url_redir:
    124. 

  124.         return redirect(url_for('case_timeline.case_timeline', cid=caseid, redirect=True))
    125. 

  125. 

  126.     return render_template("modal_help_filter_tm.html")
    127. 

  127. 

  128. 

  129. @case_timeline_blueprint.route('/case/timeline/events/add/modal', methods=['GET'])
    130. 

  130. @ac_case_requires(CaseAccessLevel.full_access)
    131. 

  131. def case_add_event_modal(caseid, url_redir):
    132. 

  132.     if url_redir:
    133. 

  133.         return redirect(url_for('case_timeline.case_timeline', cid=caseid, redirect=True))
    134. 

  134. 

  135.     event = CasesEvent()
    136. 

  136.     event.custom_attributes = get_default_custom_attributes('event')
    137. 

  137.     form = CaseEventForm()
    138. 

  138.     assets = get_case_assets_for_tm(caseid)
    139. 

  139.     iocs = get_case_iocs_for_tm(caseid)
    140. 

  140.     def_cat = get_default_cat()
    141. 

  141.     categories = get_events_categories()
    142. 

  142.     form.event_category_id.choices = [(c.id, c.name) for c in categories]
    143. 

  143.     form.event_in_graph.data = True
    144. 

  144. 

  145.     return render_template("modal_add_case_event.html", form=form, event=event,
    146. 

  146.                            tags=_EVENT_TAGS, assets=assets, iocs=iocs, assets_prefill=None, category=def_cat,
    147. 

  147.                            attributes=event.custom_attributes)
    148. 

  148.